Thomas Raehalme <thomas.raehalme@...> writes:

> 
> Hi,
> 
> Previously we have used Atlassian Crowd as a source for user data in
> various applications, both in-house built and proprietary such as JIRA
> or Confluence. As we have deployed FreeIPA, I would like to start
> using it as the identity source. Unfortunately using Kerberos is not
> always possible so I am thinking about LDAP which often is an option
> in 3rd party applications.
> 
> Anonymous access to the FreeIPA LDAP is enabled by default. Is it
> possible to configure username/password to access the information?
> Currently vSphere has a problem with anonymous access to LDAP not
> working as intended. Of course it would be nice to be able to restrict
> access anyways.
> 
> If using FreeIPA LDAP as the identity source, how should
> authentication be handled? Is it possible to read the hash code for
> passwords? Is it possible to authenticate against the LDAP service?
> 
> Any advice appreciated!
> 
> Best regards,
> Thomas


Hi,

I have just successfully configured Confluence and JIRA to use FreeIPA for
their LDAP user directory.

First, create an IPA user group for confluence-users and jira-users using 
the IPA dashboard. Then add a user to both of these groups.

Navigate to the Confluence and JIRA dashboards, then in the "User
Directories" settings menu add a "Generic Directory Server" and use the
following settings...

Base DN: You can find this in your IPA config.
Additional User DN: cn=users,cn=accounts
Additional Group DN: cn=groups,cn=accounts
LDAP Permissions: Read Only

Advanced Settings - Defaults are fine for this section

User Schema Settings    
User Object Class:              inetorgperson
User Object Filter:             (objectclass=inetorgperson)
User Name Attribute:            uid
User Name RDN Attribute:        uid
User First Name Attribute:      givenName
User Last Name Attribute:       sn
User Display Name Attribute:    displayName
User Email Attribute:           mail
User Password Attribute:        userPassword
User Password Encryption:       SHA
User Unique ID Attribute:       ipaUniqueID

Group Schema Settings           
Group Object Class      ipausergroup
Group Object Filter     (objectclass=ipausergroup)
Group Name Attribute    cn
Group Description       description

Membership Schema Settings      
Group Members Attribute: member
User Membership Attribute: member (This is not used due to the next option)
Use the User Membership Attribute: (Ensure this is unchecked, it is not
supported)

Now save and test using the user who is in the groups created above.

Hope this helps someone.

Dan
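
The lookup those settings describe, modelled offline as an added example (not part of the original post, and not Atlassian's or FreeIPA's code): users are searched under the Additional User DN, groups under the Additional Group DN, and membership is read from each group's member values. The base DN dc=example,dc=com and all entries are constructed placeholders.

```python
# Added example: offline model of the lookup the directory settings describe.
# BASE_DN and all entries are constructed placeholders, not real data.
BASE_DN = "dc=example,dc=com"
USER_BASE = "cn=users,cn=accounts," + BASE_DN    # Additional User DN + Base DN
GROUP_BASE = "cn=groups,cn=accounts," + BASE_DN  # Additional Group DN + Base DN

def user(uid):
    return {"dn": f"uid={uid},{USER_BASE}", "objectClass": ["inetOrgPerson"], "uid": [uid]}

def group(cn, members, base=GROUP_BASE):
    return {"dn": f"cn={cn},{base}", "objectClass": ["ipaUserGroup"], "cn": [cn],
            "member": [f"uid={m},{USER_BASE}" for m in members]}

ENTRIES = [
    user("alice"), user("bob"),
    group("jira-users", ["alice"]),
    group("confluence-users", ["Alice", "bob"]),  # DN case differs on purpose
    # Same group name outside the group search base: must be ignored.
    group("jira-users", ["bob"], base="cn=other," + BASE_DN),
    # Entry under the user base without the inetorgperson class: not a user.
    {"dn": "uid=svc," + USER_BASE, "objectClass": ["account"], "uid": ["svc"]},
]

def norm(dn):
    # Simplified DN comparison: ignores case and spacing, no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def search(base, object_class):
    """Subtree search: entries below `base` matching (objectclass=...)."""
    suffix = "," + norm(base)
    return [e for e in ENTRIES
            if norm(e["dn"]).endswith(suffix)
            and object_class in (c.lower() for c in e["objectClass"])]

def find_user(username):
    """User Object Filter plus User Name Attribute (uid)."""
    for e in search(USER_BASE, "inetorgperson"):
        if username.lower() in (u.lower() for u in e["uid"]):
            return e
    return None

def groups_for(username):
    """Membership read from each group's `member` values, not from the user."""
    u = find_user(username)
    if u is None:
        return []
    return sorted(g["cn"][0] for g in search(GROUP_BASE, "ipausergroup")
                  if norm(u["dn"]) in (norm(m) for m in g.get("member", [])))

if __name__ == "__main__":
    for name in ("alice", "bob", "svc"):
        print(name, groups_for(name))
```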


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
